Security Weekly Podcast Network (Video)

Wormable stored XSS on WordPress.org, a security lapse revealed private complaints from Silicon Valley employees, hackers hijack thousands of Chromecasts to warn of latest security bug, a linting tool for checking accessibility, speed, and security, host websites on GitHub, and UnCaptcha2. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode45 Follow us on Twitter: https://www.twitter.com/securityweekly

This week how to moderate a panel discussion, the secret to leading organizational change is empathy, DevOps explained, 5 cloud computing predictions for 2019, and the top 3 things CIOs lose sleep over. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode112

Hijacking smart TV's to promote PewDiePie, hackers attempt to sell stolen 9/11 documents, turning your house into a DOOM level with a Roomba, and hopefully you're over that New Year's hangover, because there's an Adobe PDF app patch to install! Full Show Notes: https://wiki.securityweekly.com/Episode588 Follow us on Twitter: https://www.twitter.com/securityweekly

The Security Weekly crew has a lively topic discussion on the following: Security Breaches, Privacy, Vulnerability Disclosure, Evaluating Security Solutions, and Compliance. Full Show Notes: https://wiki.securityweekly.com/Episode588 Follow us on Twitter: https://www.twitter.com/securityweekly

"Phoneboy" has been helping the security community for over 15 years. We fondly remember Phoneboy as a resource that helped us configure our Check Point firewalls back in the day! Phoneboy comes on the show to discuss how to help people in the security community, a topic near and dear to our hearts. Full Show Notes: https://wiki.securityweekly.com/Episode588 Follow us on Twitter: https://www.twitter.com/securityweekly

Following a series of 5 strokes and major head injuries, Mandy is no longer in the construction engineering industry. Instead, she is pursuing all things InfoSec with an emphasis on Incident Response, Neuro Integration, Artificial General Intelligence, sustainable, ethical neuro tech, and improving the lives and community of InfoSec professionals and Neurodiverse professionals. She enjoys art, requires loads of rest still, and hopes to be half the person her service dog, Trevor, is. Support Mandy by going to her GoFundMe Page: https://www.gofundme.com/hacking-recovery-brainstem-stroke Full Show Notes: https://wiki.securityweekly.com/Episode587 Follow us on Twitter: https://www.twitter.com/securityweekly

The question comes up quite often, what should organizations be doing to meet the basic security requirements? We often hear the terms "Security Basics", "Minimum Security Standards" or dear lord "Security Hygiene". But what does all this mean? Is it the same for everyone? People will point to different resources that attempt to define the security basics, but do they really work? Does compliance play into this picture? Full Show Notes: https://wiki.securityweekly.com/Episode587 Follow us on Twitter: https://www.twitter.com/securityweekly

Vaughn will discuss using freely available tools and logs you are already collecting to detect attacker behavior. Vaughn has a cookbook that will allow you to configure and analyze logs to detect attacks in your environment. You don't need anything fancy to detect attacks, use what you have along with freely available tools and techniques! To get involved with LogRhythm, go to: https://securityweekly.com/logrhythm Full Show Notes: https://wiki.securityweekly.com/Episode587 Follow us on Twitter: https://www.twitter.com/securityweekly

Paul, Matt Alderman, and John Strand talk Paul's Top Ten List of 2018! They talk about Paul's personal favorite acquisitions, breaches, vulnerabilities, interviews, attack tools, news articles, and more! Full Show Notes: https://wiki.securityweekly.com/ES_Episode120 Visit http://securityweekly.com/esw for all the latest episodes!

Bitdefender offers new managed threat monitoring service, Symantec and Fortinet partner to deliver robust and comprehensive cloud security service, Untangle partners with Malwarebytes to bring layered security to SMBs, and more! Full Show Notes: https://wiki.securityweekly.com/ES_Episode120 Visit http://securityweekly.com/esw for all the latest episodes!

Facebook bug exposed private photos of 6.8 million users, thousands of Jenkins servers will let anonymous users become admins, Signal app can't include a backdoor for the Australian government, WordPress plugs bug that led to Google indexing some user passwords, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode44 Follow us on Twitter: https://www.twitter.com/securityweekly

Matt and Paul discuss how to be productive during the holiday season, how to work from home without losing your mind, how to talk to your boss when you're underperforming, selling your product as you build it, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode111

Harry Sverdlove is the CTO of Edgewise. Harry joins Keith and Paul to discuss what Edgewise does in the AppSec world, segmentation, cloud migration, trying different architectures, and more! To get involved with Edgewise, go to: https://www.edgewise.net/securityweekly Full Show Notes: https://wiki.securityweekly.com/ASW_Episode44 Follow us on Twitter: https://www.twitter.com/securityweekly

Bob Ackerman is a legend in venture capital investing and is referred to as one of "Cyber's Money Men". Bob is the Founder and Managing Director of venture capital firm AllegisCyber, Co-Founder of DataTribe, Maryland's Cyber Start-up Studio, and the Founder and Executive Chairman of FounderÕs Equity Partners. Bob, welcome to Business Security Weekly. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode111

How Taylor Swift used Facial Recognition to Thwart Stalkers, unlocking android phones with a 3D printed head, Ticketmaster fails to take responsibility for malware, and it's December of 2018, To Hell with it, Just patch your stuff already! Full Show Notes: https://wiki.securityweekly.com/Episode586 Follow us on Twitter: https://www.twitter.com/securityweekly

Ed Skoudis, Founder of the Counter Hack Challenge and Kringle Con 2018, joins us on the show to talk about this years challenge and what's in store! "Welcome to Counter Hack Challenges, an organization devoted to creating educational, interactive challenges and competitions to help identify people with information security interest, potential, skills, and experience. We design and operate a variety of capture-the-flag and quiz-oriented challenges for the SANS Institute, Cyber Aces, US Cyber Challenge, and other organizations. Our featured products include NetWars, CyberCity, Holiday Hack Challenge, Cyber Aces Online, and several Cyber Quests." Join KringleCon: www.kringlecon.com Full Show Notes: https://wiki.securityweekly.com/Episode586 Follow us on Twitter: https://www.twitter.com/securityweekly

NopSec announces the latest release of its flagship product, Minerva Labs Anti-Evasion Platform achieves VMware ready status, SecurityScorecard announces partnership with cybernance to drive holistic view of cyber risk across the enterprise, and we have some acquisition and funding updates from Venafi, WhiteFox, and Pindrop! Full Show Notes: https://wiki.securityweekly.com/ES_Episode119 Visit http://securityweekly.com/esw for all the latest episodes!

Don Murdoch is the Assistant Director at Regent University Cyber Range. Don discusses his book "Blue Team Handbook Incident Response Edition". Full Show Notes: https://wiki.securityweekly.com/Episode586 Follow us on Twitter: https://www.twitter.com/securityweekly

This segment is sponsored by Acalvio. Check out their deception technologies by visiting https://securityweekly.com/acalvio. And remember, all [cyber] war is based on deception! Our guest is John Bradshaw, the Sr. Director of Solutions Engineering at Acalvio Technologies. John has more than 25 years of experience in the Cyber Security industry focusing on advanced, targeted threats. John joins Paul Asadoorian and John Strand to discuss the five tenets of enterprise deception, levels of interactivity for deception targets, and many more interest facets of deception technologies as they are applied to an enterprise security program! To learn more about Acalvio, go to: https://securityweekly.com/acalvio Full Show Notes: https://wiki.securityweekly.com/ES_Episode119 Visit http://securityweekly.com/esw for all the latest episodes!

Kubernetes instances are being hijacked worldwide, malicious sites abuse 11-year old Firefox bug that Mozilla failed to fix, Google is on a Witch Hunt for Internal Leakers, a botnet of over 20,000 WordPress sites is attacking other WordPress sites, the rise of visual studio code, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode43 Follow us on Twitter: https://www.twitter.com/securityweekly

Chris Elgee is a full time husband, father of four, and technical engineer at Counter Hack Challenges. Chris joins Keith and Paul this week to talk about the Counter Hack Challenge, how it's been working on the challenge vs. playing it, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode43 Follow us on Twitter: https://www.twitter.com/securityweekly

How to collaborate with people you don't like, the right way to solve complex business problems, what the habits are of successful people, three things to know before you land a tech job, a CISO's wishlist, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode110

Brian Carey is a Senior Security Consultant at Rapid7, specializing in: Security Program Assessments, Security Program Development, Vulnerability Management Program Development, Security Awareness and Policy Development. In this interview, we discuss emerging trends that he is seeing with his clients, and how they impact their clients' security programs, including maturity, roadmap, and recommendations! To learn more about Rapid7, go to: www.rapid7.com/securityweekly Full Show Notes: https://wiki.securityweekly.com/BSWEpisode110

This week, how Docker containers can be exploited to mine for cryptocurrency, WordPress sites attacking other WordPress sites, why the Marriott Breach is a valuable IT lesson, malicious Chrome extensions, why hospitals are the next frontier of cybersecurity, and how someone is claiming to sell a Mass Printer Hijacking service! Full Show Notes: https://wiki.securityweekly.com/Episode585 Follow us on Twitter: https://www.twitter.com/securityweekly

Marcello Salvati is a security consultant at BHIS, and is giving a technical segment on SilentTrinity. Marcello will solve the red team tradecraft problem of gaining dynamic access to the .net api without going through powershell. To learn more about Black Hills Information Security, go to: https://www.blackhillsinfosec.com/PSW Full Show Notes: https://wiki.securityweekly.com/Episode585 Follow us on Twitter: https://www.twitter.com/securityweekly

Lenny Zeltser the VP of Products at Minerva, will be giving a technical segment on Evasion Tactics in Malware from the Inside Out. He will explain the tactics malware authors use to evade detection and analysis and find out how analysts examine these aspects of malicious code with a disassembler and a debugger. To learn more about Minerva Labs, go to: https://l.minerva-labs.com/security-weekly Full Show Notes: https://wiki.securityweekly.com/Episode585 Follow us on Twitter: https://www.twitter.com/securityweekly

Ixia extends collaboration with ProtectWise, Ping Identity brings in New Customer Identity as a service solution, Fortinet introduces new security automation capabilities on AWS, and Yubico announces YubiHSM 2 integration with AWS IoT Greengrass! Full Show Notes: https://wiki.securityweekly.com/ES_Episode118 Visit http://securityweekly.com/esw for all the latest episodes!

Mike Nichols, the VP of Product for Endgame, joins us for an interview to talk about MITRE evaluation of Endgame, Open-Source Query Language EQL, and Storytime with Mike! To learn more about Endgame, go to: www.endgame.com Full Show Notes: https://wiki.securityweekly.com/ES_Episode118 Visit http://securityweekly.com/esw for all the latest episodes!

Hackers are opening SMB ports on routers to infect PCs with NSA malware, bug detectives whip up smarter version of classic AFL fuzzer to hunt code vulnerabilities, malware & rogue users can spy on some apps' HTTPS crypto, exploiting developer infrastructure is insanely easy, the state of JavaScript, Amazon announces Firecracker, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode42 Follow us on Twitter: https://www.twitter.com/securityweekly

Paul and Jason Alburquerque discuss The new math of leadership, How pragmatic leaders can transform stuck organizations, and Why building a work community is critical! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode109

Aleksei Tiurin is the Senior Security Researcher for Acunetix. He is performing a technical segment on reverse proxies using weblogic, Tomcat, and Nginx. To learn more about Acunetix, go to: www.acunetix.com/securityweekly Full Show Notes: https://wiki.securityweekly.com/ASW_Episode42 Follow us on Twitter: https://www.twitter.com/securityweekly

Matt Alderman interviews Jay Prassl, the CEO of Automox. Jay Prassl explains what Automox does, how Automox bridges the gap between ITOps and SecOps use case, and how Automox defines the way to patch systems in the MacOS, Linux, Windows, and MSP. To learn more about Automox, go to: www.automox.com Full Show Notes: https://wiki.securityweekly.com/BSWEpisode109

Hackers breach Dunkin Donuts, how insiders are serious threats to security in an organization, the return of email flooding, Microsoft helps police shut down fake tech support in India, and how Las Vegas police are cracking down on Black Market marijuana sales! Full Show Notes: https://wiki.securityweekly.com/Episode584 Follow us on Twitter: https://www.twitter.com/securityweekly

Wietse Venema and Dan Farmer, the Developers of Security Administrator Tool for Analyzing Networks (SATAN), talk about their experience as developers, their journey to creating SATAN and their decision to keep SATAN a open source tool. Full Show Notes: https://wiki.securityweekly.com/Episode584 Follow us on Twitter: https://www.twitter.com/securityweekly

Sven will talk about PHP Object injection vulnerabilities and explain the dangers of PHP's unserialize function. He will show the format of serialized PHP Objects, explain PHP's magic methods and how to write an exploit for a PHP Object Injection vulnerability during his technical demo. Full Show Notes: https://wiki.securityweekly.com/Episode584 To learn more about Netsparker, go to: https://www.netsparker.com/securityweekly Follow us on Twitter: https://www.twitter.com/securityweekly

tackPath launches EdgeEngine Serverless Computing, Alcide advances Cloud-Native security Firewall platform, Orkus launches Access Governance platform for Cloud Security, Tufin announces a new Cloud Security solution, and more! Full Show Notes: https://wiki.securityweekly.com/ES_Episode117 Visit http://securityweekly.com/esw for all the latest episodes!

Hackers use Drupalgeddon 2 and Dirty COW exploits to take over web servers, second WordPress hacking campaign underway, USPS took a year to fix a vulnerability that exposed all 60 million users' data, this JavaScript can snoop on other Browser Tabs to work out what you're visiting, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode41 Follow us on Twitter: https://www.twitter.com/securityweekly

Jeremy Winter is Director of Azure Management, responsible for areas such as Azure Governance, Policy, Configuration, PowerShell, Disaster Recovery, Azure Migrate and the Azure Portal Experiences from within Azure Compute. He joins Paul and John to talk about Microsoft's Azure program, the shift in CloudOps and how it matters to security, and how it helps further the evolving roles of Cloud Ops and Cloud Security. Full Show Notes: https://wiki.securityweekly.com/ES_Episode117 Visit http://securityweekly.com/esw for all the latest episodes!

The million-dollar question of cyber-risk, risk assessments essential to secure third-party vendor management, how digital tech is transforming business ecosystem, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode108

Brent Dukes is a hacker, and Director of Information Security for an established manufacturing company. He joins Keith and Paul this week to talk about WAF's, Pentesting, Burp Suite, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode41 Follow us on Twitter: https://www.twitter.com/securityweekly

Richard Seiersen a CISO with experience ranging from small technology companies to multi-national conglomerates. He joins Matt and Paul this week to talk about Richard's CISO experience and expertise, and the book Richard co-authored called, "How to Measure Anything in Cybersecurity Risk". Full Show Notes: https://wiki.securityweekly.com/BSWEpisode108

Israeli cybersecurity company Tufin plans NASDAQ IPO, F-Secure boosts endpoint detection and response, Mimecast joins IBM Security app exchange community, and Awake Security debuts Network Traffic Analysis Platform to detect risks! Full Show Notes: https://wiki.securityweekly.com/ES_Episode116 Visit http://securityweekly.com/esw for all the latest episodes!

Rick Fernandez is the Sr. Sales Engineer focused on Sales Integrators at LogRhythm. The discussion is about what Sis want isn't that different from the Enterprise. They discuss automating the hunt, contextualizing and enriching before analysts have to work with the alarm/data, and the ability to scale contextualization and enrichment so it pulls from your entire environment, not just a single source/log/event. Full Show Notes: https://wiki.securityweekly.com/ES_Episode116 Visit http://securityweekly.com/esw for all the latest episodes!

Our interviews with Jeff Hudson the CEO of Venafi, Dr. Kimberlee A. Brannock and Michael Howard from HP, and Ben Bennett and Mark Hearn from Irdeto. For Full DefCon18 Playlist, go to: https://securityweekly.com/summercamp18 Visit http://securityweekly.com/esw for all the latest episodes!

Jason Alburquerque and Paul discuss six ways you can establish which goals are important, how to diversify your professional network, the impact of perception and bias on leadership, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode107

Michael Pleasant is the Chief Executive Officer at Open Security. Michael talks about how his transferring from Marine training to a business environment, brought a different perspective/technique to the business. He also talks about his company Open Source and their mission for the client. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode107

Instagram leaks passwords to the public, Clickjacking on Google MyAccount Worth $7,500, James Wickett's thread on Open Source SAST options, an advanced search tool for sensitive information stored in GitHub repos, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode40 Follow us on Twitter: https://www.twitter.com/securityweekl

Previously co-founder and head of product at Layered Insight, John now leads container security engineering at Qualys after it's acquisition of Layered Insight. John talks about Qualys' Container Security that centralized, continuous discovery and tracking for containers and images. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode40 Follow us on Twitter: https://www.twitter.com/securityweekly

7 new Spectre/Meltdown attacks, Hacking ATM's for free cash is easier than Windows XP, AI can now fake fingerprints fooling ID scanners, and Japan's cybersecurity minister admits he's never used a computer! Full Show Notes: https://wiki.securityweekly.com/Episode583 Follow us on Twitter: https://www.twitter.com/securityweekly

John is a Senior Product Manager at DFLabs, where he performs a wide variety of tasks from product management to content development and partner management. John Moran talks about IncMan SOAR and how DFLabs Automation & Response platform helps automate, orchestrate, and measure CSIRTs and SOCs. To learn more about DFLabs, go to: www.dflabs.com/securityweekly Full Show Notes: https://wiki.securityweekly.com/Episode583 Follow us on Twitter: https://www.twitter.com/securityweekly